Ransomware utilizing a leaked NSA exploit is currently infecting countless computers across the globe.
The attack, known as “WannaCry,” encrypts Windows users’ computer files before demanding a $300 payment in Bitcoin. Although Microsoft issued a patch for the vulnerability in March, thousands of users have either failed to apply the update or are running outdated operating systems.
The ransomware is spreading at an alarming rate given its use of “EternalBlue,” a powerful NSA SMB exploit recently leaked online by the mysterious Shadow Brokers hacking group.
A ransomware spreading in the lab at the university pic.twitter.com/8dROVXXkQv
— ReadNierAutomata (@dodicin) May 12, 2017
The attack has been reported thus far in 74 countries including the US, UK, China, Russia and Spain.
Fresh IDR based heatmap for WanaCrypt0r 2.0 ransomware (WCry/WannaCry).
Also follow @MalwareTechBlog’s tracker: https://t.co/mjFwsT3JzH pic.twitter.com/SPeZfBpckm
— MalwareHunterTeam (@malwrhunterteam) May 12, 2017
Screenshots of infected machines everywhere from universities to the Russian Interior Ministry were shared widely online Friday.
Looks like this ransomware campaign reached the Russian Interior Ministry https://t.co/UVhBIDgQNN (hat tip to tipster) pic.twitter.com/MAxoWrnSL2
— Joseph Cox (@josephfcox) May 12, 2017
Other victims include as many as 16 NHS hospitals in the UK – many of which are still using Windows XP – as well as FedEx and multiple telecommunications companies across Europe.
Here’s what a London GP sees when trying to connect to the NHS network pic.twitter.com/lV8zXarAXS
— Rory Cellan-Jones (@ruskin147) May 12, 2017
Windows users are being urged to either upgrade their operating systems or to apply security patches immediately.
IF YOU HAVE NOT APPLIED THESE SECURITY PATCHES FROM MICROSOFT https://t.co/tTotbKuZlh. DO SO NOW OR GET OFF THE INTERNET PLEASE.
— 🏴 Lauri Love 🏴 (@laurilove) May 12, 2017
Then even if you fall behind, a patch doesn’t get applied, antivirus doesn’t work – it makes it very difficult to spread.
— Kevin Beaumont (@GossiTheDog) May 12, 2017
How not to be hit by WCry 2.0: Apply MS17-010 immediately, remove NT4, 2000, XP-2003 from production, Firewall ports 445/139 & 3389. Simple.
— Hacker Fantastic (@hackerfantastic) May 12, 2017
Cybersecurity companies are also attempting to create a decryption tool that would allow users to retrieve their files without being forced to pay the ransom.